Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-09 20:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
11,606 Commits 38 Branches 348 Tags
Commit Graph

11606 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eleftheria Stein
420e8227d4 Resolve artifacts from Maven Central first 
- Use spring-build-conventions:0.0.36
- Add https://repo.spring.io/release to reference

Closes gh-9367
 2021-01-22 13:28:35 +01:00
tristanessquare
580b988e7f
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value

Closes gh-9364
 2021-01-21 16:22:29 -07:00
tristanessquare
56db058fd0
Fix NullPointerException 
- Caused by a malformed WWW-Authenticate value
 2021-01-21 16:18:23 -07:00
Eleftheria Stein
793781fb67 Add manual trigger to CI workflow 
Closes gh-9360
 2021-01-21 14:02:54 +01:00
Rob Winch
1181740f79 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:18:25 -06:00
Rob Winch
e6d6b39767 Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:17:25 -06:00
Rob Winch
acb5ae607b Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2021-01-20 16:09:21 -06:00
Ihor Ilkevych
43a071a89e Add WebFlux oauth2Login with formLogin test 
Closes gh-9326
 2021-01-20 15:04:06 -05:00
Rob Winch
ad4497fb72 Add https://repo.spring.io/release to reference 2021-01-19 22:50:43 -06:00
Rob Winch
51ee0de3fd Use spring-build-conventions:0.0.36 2021-01-19 17:20:12 -06:00
Rob Winch
c421b3f635 spring-build-conventions:0.0.35.RELEASE 2021-01-19 17:20:12 -06:00
Rob Winch
3db112cc20 Spring Boot 2.4.0 2021-01-19 17:20:12 -06:00
Evgeniy Cheban
77484018bb Reconsider AntPathRequestMatcher matching logic 
Closes gh-9285
 2021-01-19 12:02:06 -07:00
Josh Cummings
f36e2fca59
Remove SingleKeyJWSKeySelector 
Closes gh-9348
 2021-01-15 22:15:56 -07:00
Josh Cummings
65d3b0d71c
Add ResourceKeyConverterAdapter 
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding

Issue gh-9316
 2021-01-15 22:15:56 -07:00
Nelson Osacky
06b748c9c2 Update Gradle Enterprise Gradle Plugin 2021-01-13 12:44:03 -06:00
Ivan Pavlov
f4d78d00ef Extend CorsDsl with CorsConfigurationSource property 
Issue: gh-9314
 2021-01-13 10:22:07 +01:00
Rob Winch
77a1befcc2 Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:38:01 -06:00
Rob Winch
0201c31deb Fix Checkstyle for CsrfWebFilter 
Issue gh-9337
 2021-01-12 11:37:12 -06:00
Rob Winch
628ea00ad4 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:31:26 -06:00
Rob Winch
b08075a721 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:30:12 -06:00
Rob Winch
61b75bb2d6 Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:19:11 -06:00
Rob Winch
a1083d9a5c Fix CsrfWebFilter error message when expected CSRF not found 
Closes gh-9337
 2021-01-12 11:18:29 -06:00
Josh Cummings
160a4a3676
Reformat MvcRequestMatcher 
- Moved related private methods together

Issue gh-9284
 2021-01-11 08:28:59 -07:00
Evgeniy Cheban
8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods 
Closes gh-9284
 2021-01-09 21:42:16 +03:00
Josh Cummings
6499a235b0
Suppress Compiler Warnings 2021-01-08 11:30:28 -07:00
Eleftheria Stein
429caeacc9 Fix bug with multiple AuthenticationManager beans 
Closes gh-9256
 2021-01-06 18:19:13 +01:00
Eleftheria Stein
8cefc8a792 Fix bug with multiple AuthenticationManager beans 
Closes gh-9256
 2021-01-06 16:26:26 +01:00
Josh Cummings
7dde7cffda
Add Status Check 
Closes gh-8955
 2021-01-05 17:32:47 -07:00
Josh Cummings
337d24e6db
Update Copyright Messages 
Issue gh-9202
 2021-01-05 15:30:51 -07:00
Mazen Aissa
c907838440
Make max-session configurable 
Closes gh-9202
 2021-01-05 15:30:51 -07:00
Nelson Osacky
6d59b1044a Add Revved up by Gradle Enterprise badge to README 
Similar to: https://github.com/spring-projects/spring-boot/pull/24640
 2021-01-05 11:00:41 -07:00
Josh Cummings
0fc80a6a65
Renew Sample Certificate 
Closes gh-9320
 2021-01-04 12:12:29 -07:00
Josh Cummings
6dc22835fd
Renew Sample Certificate 
Closes gh-9320
 2021-01-04 12:12:17 -07:00
Josh Cummings
8c93d95818
Renew Sample Certificate 
Closes gh-9320
 2021-01-04 12:11:19 -07:00
Josh Cummings
cb10c9cfb6
Renew Sample Certificate 
Closes gh-9320
 2021-01-04 12:06:55 -07:00
Zeeshan Adnan
848bd44837
Remove unused code 
Issue gh-9203
 2020-12-18 11:49:52 -07:00
Rob Winch
40e027c56d Constant Time Comparison for CSRF tokens 
Closes gh-9291
 2020-12-17 15:01:43 -06:00
Josh Cummings
c066e23a86
Add @since attributes 
Issue gh-8900
 2020-12-16 15:58:53 -07:00
Evgeniy Cheban
34b4b1054f Add AuthorizationManager 
Closes gh-8900
 2020-12-16 15:58:36 -07:00
Nick McKinney
5306d4c4d5 Minor cleanup on Ant / Regex Request Matchers 
- Removed duplicative code for transforming String into HttpMethod
 - Removed an unnecessary array initialization
 2020-12-14 14:19:23 +01:00
Nick McKinney
6be25df1db Introduced DispatcherType request matcher 
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.

Closes gh-9205
 2020-12-14 14:19:23 +01:00
Josh Cummings
2566abec31
Add Type Parameter 
Closes gh-8412
 2020-12-11 10:20:18 -07:00
Christophe Gilles
54d3839f63 Add permissionsPolicy http header 2020-12-11 12:32:18 +01:00
Serdar Kuzucu
48ef27b80a Make assertion messages in CookieCsrfTokenRepository clearer 
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Serdar Kuzucu
76e117a67a Allow maximum age of csrf cookie to be configured 
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.

Prior to this commit, maximum age was set with a value of -1.

After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.

An IllegalArgumentException will be thrown when
this value is set to zero.

Closes gh-9195
 2020-12-09 10:45:22 -06:00
Eleftheria Stein
90b48554e4 Fix Custom DSL sample in docs 2020-12-09 10:48:15 +01:00
Josh Cummings
f614a8230c
Polish getRemoteUser 
- Corrected instanceof check

Issue gh-3357
 2020-12-03 13:08:40 -07:00
Stephen Joyner
9c373ef4f8
getRemoteUser() returns principal name 
Closes gh-3357
 2020-12-03 13:08:40 -07:00
Ovidiu Popa
174b71c017 OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject 
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)

With this change, even if the check is passing a new List or Map will be returned.

Closes gh-9210
 2020-12-03 11:42:00 -05:00